review-fix-codex

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The workflow instructs running a mutable third‑party package (bunx @willbooster/agent-skills@latest) for a full hour and automatically committing/pushing any code changes, which creates a high-risk supply‑chain and remote‑code‑execution/backdoor vector (long‑running external code can exfiltrate secrets, modify repo code to introduce persistent backdoors, or abuse Git credentials).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow runs an external command (bunx @willbooster/agent-skills@latest review --agent codex) and explicitly treats the returned review results from that third-party package as the candidate comment set to read, interpret, and act on, which exposes the agent to untrusted third-party content that can change its code-editing behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The workflow runs an external package at runtime via "bunx @willbooster/agent-skills@latest", which fetches and executes remote code that returns review results that directly control the agent's actions.